SSH Access
started by: chayden
on: 12 Sep 2007, 11:32 UTC
number of posts: 34
summary:
Hinner's SSH Access revealed
SSH Access
chayden 12 Sep 2007, 11:32 UTC

The Martin Hinner script is very useful, but there have been questions on exactly what it does and whether it works in all cases. I had used it on one unit, then it was failing on a second, so I decided to figure out for myself exactly what it was doing so that I could build a version with more tracing.

What is going on is that there is an existing "update firmware" page in the MyBook, and you can pass it a URL telling it where to get the update. It does a wget to fetch from that URL (appended with /list.asp). Then it takes that result, looks within it for another URL, does a wget on it, stores the result in a file, and executes that file as root.

So basically you create two web pages, one containing the program you want to execute and another pointing to it, and give it to the built-in firmware upgrade page.

In my case, I took the program from Martin Hinner (which is left in /var/upgrade/latestfw.sh) and modified it to log its progress in /shares/internal/PUBLIC so I could see what was going on, which allowed me to solve my problem. I have now successfully upgraded both a 500G and a 1T unit. I will build a small zip file with instructions so anyone can do this themselves when I have time.

Re: SSH Access
natsuco 18 Oct 2007, 10:20 UTC

Hello, I activated ssh. I changed the location of my webserver page, so I can't make a new initialization of the ssh port. Now I have lost my ssh. Can you help me recover my ssh connection?

Re: SSH Access
ionoff 18 Oct 2007, 17:25 UTC

I have two options for you.
First Option: http://mybookworld.wikidot.com/forum/t-22278/ssh:connection-refused#post-55516 which creates a temp ssh connection on port 29
Second Option: http://mybookworld.wikidot.com/telnet which installs a temp telnet server on port 23

Re: SSH Access
natsuco 18 Oct 2007, 17:45 UTC

It asks me for user and password … so I fill in my user and password … but nothing … just "You have not authorized correctly - please check the manual"! And I can't access the web configuration because I changed the path in lighttpd! Do you have another solution please?

Re: SSH Access
ionoff 18 Oct 2007, 19:20 UTC

You don't have access to the web config, but you do have access to run firmware upgrades?

If that is the case, I could write a loader to add a user with a preset password for you.

Re: SSH Access
natsuco 18 Oct 2007, 19:45 UTC

OK, can you talk with me on MSN Messenger please?

Re: SSH Access
natsuco 18 Oct 2007, 20:53 UTC

Hi … some news, now I can connect in telnet mode. But I can't reach port 22 … always the message: port 22: Connection refused! How can I retrieve my original ssh port?

last edited on 18 Oct 2007, 20:55 UTC by natsuco
Re: SSH Access
Zium 18 Oct 2007, 21:00 UTC

Have a look at /etc/sshd_config
See #Port 22 (may be something else on your side)

Re: SSH Access
natsuco 18 Oct 2007, 21:11 UTC

I modified /etc/sshd_config and I activated the port:
Port 22

New reboot … and still connection refused!!!

Re: SSH Access
Zium 18 Oct 2007, 21:49 UTC

Please post your /etc/sshd_config
and check if in ps aux sshd is running.

Re: SSH Access
ionoff 18 Oct 2007, 22:10 UTC

Also, do you have an ssh load configured in inittab or in init.d?

Re: SSH Access
floris 21 Oct 2007, 15:37 UTC

The Martin Hinner script is a quick hack but far from perfect. The strangest thing is that the script does not use the already available functions in the WD MyBook. And blanking the root password is also not advisable, for two reasons.

First the enabling of sshd:
There is no need whatsoever for the script to generate the keys and start the sshd daemon. There is already a S29sshd init script in /etc/init.d/. This script checks if sshd is enabled in the /etc/inetd.conf config file. If it finds sshd enabled, it generates the keys when needed and starts the daemon at startup of the MyBook. The only thing the firmware script has to do is uncomment the line "ssh stream tcp nowait root /usr/sbin/sshd sshd -i" in /etc/inetd.conf.

Also, blanking the root password is bad for two reasons: First, the default sshd configuration does not accept a blank password for root on devices I've seen. So even if the firmware gets the sshd daemon running, a user can connect but not log in. Second, the default password is very well known. Just search for the shadow hash on the web: 'root'. The default password from a Busybox shadow file.

I hope I can find some time to write a suitable firmware script.

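floris's two objections to a blanked or default root password, turned into a check to run once SSH is enabled. This is an added example, not code from the thread; the function names and sample files are constructed, and the hash string is a placeholder.

```sh
#!/bin/sh
# Added example: audit the login state floris warns about after SSH is enabled.

# Accounts whose password field in a shadow-format file is empty.
empty_password_accounts() {  # shadow_file
    awk -F: 'NF > 1 && $2 == "" { print $1 }' "$1"
}

# Accounts still carrying the hash found in a factory copy of the shadow file.
# Locked entries (* or ! prefix) and empty fields are skipped.
factory_password_accounts() {  # shadow_file factory_shadow_file
    awk -F: 'NR == FNR { factory[$1] = $2; next }
             ($1 in factory) && $2 == factory[$1] && $2 != "" && $2 !~ /^[*!]/ { print $1 }' "$2" "$1"
}

# Value sshd uses for a keyword: first uncommented occurrence,
# otherwise the default passed in by the caller.
sshd_option() {  # sshd_config keyword default
    awk -v key="$2" -v dflt="$3" '
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }' "$1"
}

audit_login() {  # shadow_file factory_shadow_file sshd_config
    for u in $(empty_password_accounts "$1"); do echo "EMPTY-PASSWORD $u"; done
    for u in $(factory_password_accounts "$1" "$2"); do echo "FACTORY-PASSWORD $u"; done
    echo "PermitEmptyPasswords $(sshd_option "$3" PermitEmptyPasswords no)"
}

# Constructed sample files; the hash strings are placeholders, not real hashes.
tmp=$(mktemp -d)
cat > "$tmp/shadow.factory" <<'EOF'
root:PLACEHOLDER_FACTORY_HASH:10933:0:99999:7:::
www-data:*:10933:0:99999:7:::
EOF
cat > "$tmp/shadow" <<'EOF'
root:PLACEHOLDER_FACTORY_HASH:10933:0:99999:7:::
admin::13800:0:99999:7:::
www-data:*:10933:0:99999:7:::
EOF
printf '#Port 22\n#PermitEmptyPasswords no\n' > "$tmp/sshd_config"
audit_login "$tmp/shadow" "$tmp/shadow.factory" "$tmp/sshd_config"
```

On a device, the first argument would be /etc/shadow and the second a copy of that file saved before any password change.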
Re: SSH Access
Zium 21 Oct 2007, 15:53 UTC

Well, I think that the Martin Hinner script was made before being able to ssh to the mybook, so before knowing what was in it and how linux was configured …
Now you understand why it doesn't use what you've seen… so without Martin Hinner's work you wouldn't have been able to know this, except by opening your mybook.

Enjoy making a better hack and a safer one :)

Re: SSH Access
floris 21 Oct 2007, 16:38 UTC

If Martin did not know what was inside the box, I don't know. It is however noticeable he has opened it and posted some internal info before he created the ssh hack, by looking at the dates he posted information about the box. It is not that hard to hook up and mount the disk by use of a sata cable. (The nasty part is opening and closing the box without damage :-) ) The best part is that Martin found a security flaw in the firmware upgrade functionality that can be used to hack the box and own it. Fundamental for easy hacking. I think many people are very happy with that work. Now let's make it better than WD wants.

Re: SSH Access
Zium 21 Oct 2007, 16:50 UTC

Sure, I agree to make it better :)

Re: SSH Access
floris 22 Oct 2007, 09:39 UTC

My sshd enabling script:

#!/bin/sh

# 
# simple 'firmware' script to enable sshd daemon
# on Western Digital My Book World Edition
#
# Background:
# The WD My Book WE has functions to configure and start sshd
# This is triggered at init start/restart when inetd.conf
# has an uncommented ssh config line. Default is commented.
#
# functions:
# - prepare firmware process environment
# - create backup inetd.conf file
# - uncomment ssh daemon in inetd.conf
# - restart ssh daemon via init script
# - stop firmware process
#
# default password for user root is root

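# prepare firmware process environment
echo '#!/bin/sh' > /var/upgrade/upgrade1.sh
chmod 755 /var/upgrade/upgrade1.sh

INETDC=/etc/inetd.conf
INETDCB=/etc/inetd.conf.bak

# create backup, then uncomment the ssh line
cp "$INETDC" "$INETDCB"
sed 's/^#ssh /ssh /' < "$INETDCB" > "$INETDC"

# restart ssh daemon via init script
/etc/init.d/S29sshd restart

# stop firmware process
rm -f /tmp/active_upgrade

exit 0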
Re: SSH Access
floris 22 Oct 2007, 09:49 UTC

Almost the same to start telnet:
just uncomment the telnet line in /etc/inetd.conf
/etc/init.d/inetd at start/restart will run the telnet daemon

Re: SSH Access
ETMegabyte 19 Jun 2008, 14:07 UTC

I'm doing this from memory, but I think the syntax is correct as I've used it a number of times. Most of the time when I make a backup copy using a script that 1) may be run multiple times, and 2) I can't readily see the output of, I like to make my backup filenames unique. Maybe changing the script above to set INETDCB as shown below might be a good idea?

INETDCB=/etc/inetd.conf.bak.`date +%Y%m%d-%H%M`

Note that I'm using the ` key (the one to the left of the 1, not the apostrophe). That will set the backup filename of inetd.conf to inetd.conf.bak.20080619-0905. Then if I run the script more than once, I'll still be able to get to all previous backup copies of inetd.conf in the future.

Just a thought.

-ET

Re: SSH Access
unleash_your_rage 13 Sep 2007, 10:38 UTC

I am really looking forward to this 'cause Martin Hinner's hack doesn't work with my MyBook 500GB. Trying to update the firmware always ends up with a 'no new firmware available'….

Re: SSH Access
chayden 13 Sep 2007, 16:25 UTC

No new firmware available is caused by the failure of MyBook to fetch the upgrade script.
When you browse to the firmware_upgrade.pl page, it takes the fwserver parameter (martin.hinner.info/mybook/firmware.php) and sticks on /list.asp (giving martin.hinner.info/mybook/firmware.php/list.asp). It then adds some parameters: type=wdg1nc and fw=01.01.18. Then it does a "wget" on that.

Try this:
wget -O out "http://martin.hinner.info/mybook/firmware.php/list.asp?type=wdg1nc&fw=01.01.18"

Or you can just browse to the link above and see what it gives.

You are looking for a returned file containing href="<some URL>".
If it does not get something back, or if it does not have href=, then you get the "No new firmware available" message.

If you DO get something OK back, then it does a wget on the URL it received, and then executes the resulting returned file AS ROOT. You can see what that is by doing another wget on what you got back in the first step.
If you browsed to the link above, then click on the link it gave back and view the upgrade program.

You can set this up on your own website by setting up two web pages, one of which points to the other like the pattern above, and the other which contains the upgrade script.

last edited on 13 Sep 2007, 16:28 UTC by chayden
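The flow chayden describes executes whatever the supplied fwserver returns. The added example below (not part of the thread and not the device's own code) shows the checks that would stop this: a pinned server, a download link that stays on the pinned host, and a payload digest obtained out of band. Assumptions: the function names, the pinned value (the vendor URL quoted later in this thread) and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: checks an updater should pass before running a fetched script.
# PINNED_FWSERVER is an assumption (the vendor endpoint quoted in this thread).
PINNED_FWSERVER="websupport.wdc.com/firmware"

# 1. The update server is a fixed value, never a request parameter.
fwserver_allowed() {
    [ "$1" = "$PINNED_FWSERVER" ]
}

# 2. Take the href="..." value from the first line of the list response that has one.
extract_href() {
    sed -n 's/.*href="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Host of an http(s) URL, lower-cased. Fails on other schemes and on
# user@host authorities, which can disguise the real host.
url_host() {
    auth=$(printf '%s\n' "$1" |
        sed -n 's|^[Hh][Tt][Tt][Pp][Ss]\{0,1\}://\([^/?#]*\).*|\1|p')
    case "$auth" in ''|*@*) return 1 ;; esac
    printf '%s\n' "${auth%%:*}" | tr 'A-Z' 'a-z'
}

# 3. The download link must stay on the pinned host.
href_on_pinned_host() {
    host=$(url_host "$1") || return 1
    [ "$host" = "${PINNED_FWSERVER%%/*}" ]
}

# 4. The payload must match a digest obtained out of band (assumption:
#    shipped with the device or read from a signed manifest).
digest_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Prints a verdict; nothing is executed here.
check_update() {  # fwserver list_file payload_file expected_sha256
    fwserver_allowed "$1" || { echo "reject: fwserver not pinned"; return 0; }
    href=$(extract_href "$2")
    [ -n "$href" ] || { echo "reject: no href in list response"; return 0; }
    href_on_pinned_host "$href" || { echo "reject: href leaves pinned host"; return 0; }
    digest_matches "$3" "$4" || { echo "reject: digest mismatch"; return 0; }
    echo "accept"
}

# Constructed sample: list response and payload written to a temp directory.
tmp=$(mktemp -d)
printf '<a href="http://websupport.wdc.com/firmware/fw.sh">firmware</a>\n' > "$tmp/list.asp"
printf '#!/bin/sh\nexit 0\n' > "$tmp/fw.sh"
good=$(sha256sum "$tmp/fw.sh" | cut -d' ' -f1)
check_update "$PINNED_FWSERVER" "$tmp/list.asp" "$tmp/fw.sh" "$good"
check_update "www.example.com/mybook" "$tmp/list.asp" "$tmp/fw.sh" "$good"
```

A digest check only helps if the expected value does not travel over the same channel as the payload; a signature verified against a key stored on the device gives the same property.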
Re: SSH Access
takaides 3 Oct 2007, 04:09 UTC

So why would it be failing to find the upgrade script?

Where should we try the wget command?

Re: SSH Access
ionoff 3 Oct 2007, 16:50 UTC

Don't trust if it says it fails or not, just try to ssh into the worldbook after about a min or so.

If it allows you to ssh in, then it succeeded. Just add the inittab or init.d entry to make ssh autorun.
Also change your su password.

wget is performed by the upgrade script and wget should be installed in your worldbook by default.

Do remember to have a std user account created in the webinterface to start.

You may want to create the home directory for your user or set up your user's home dir and group permissions to your public folder. Add to www-data group I believe. You will need to manually edit the /etc/passwd and /etc/groups files as the user and group commands are not preinstalled.

Re: SSH Access
takaides 17 Oct 2007, 03:18 UTC

I meant, why is it failing to find the 'new firmware available' in the 1.01.18 firmware upgrade script.

Re: SSH Access
ionoff 17 Oct 2007, 04:02 UTC

It may have something to do with the fact that
http://websupport.wdc.com/firmware/list.asp?type=wdg1nc&fw=01.00.0
shows no upgrade available for all versions tried.

http://mybookworld.wikidot.com/forum/t-19138/auth-firmware-upgrade-pl#post-54700

Re: SSH Access
WorldBook 12 Nov 2007, 21:26 UTC

Has anyone managed to get ssh access via the above method on MyBook World Edition ?
My world edition firmware is 01.01.12 (it's a 1TB (2x 500GB) )

I have tried the above, but only get the no firmware page (so according to the above posts,
my world book is not fetching the upgrade script)

On my web server I have two files, in a directory called /mybook.
The first is called latestfw.sh (which is the script above, posted by floris oct 22)
The second file is called list.asp and contains the following

<a href="http://www.MyWebServerName.com/mybook/latestfw.sh">firmware</a>

I'm calling this via

http://MyWorldBookIPAddress/auth/firmware_upgrade.pl?fwserver=www.MyWebServerName.com/mybook

but I just get the "no firmware available" each time.

I've verified that I can wget both files, so directory/file permissions don't appear to be an issue.

Thanks.

Re: SSH Access
WorldBook 13 Nov 2007, 00:21 UTC

D'oh! Finally got this sorted- I'm replying to my own post here in case anyone else has similar problems-
Basically, my MyBook (World Edition 1TB [2x 500]) was not able to access the internet.

This is very, very subtle.
My 'MyBook' was connected directly to my laptop, and while my laptop could
access the internet, the mybook itself could not! Therefore it could not wget the upgrade script.

Workaround:
I entered the web interface for my MyBook and manually configured an ip address, but MOST importantly the
DNS server ip addresses from my ISP. This was my problem! With hindsight, I could probably have just used the ipaddress for MyWebServerName and probably got the same results.

Chayden thanks for the analysis, and Floris!! Thanks for the script. Kudos!!

Re: SSH Access
niw3 15 Nov 2007, 17:46 UTC

Hi, I saved the above script in upgrade1.sh, put it under my IIS server's wwwroot, created a link to the script in list.asp. Everything, it seems, works on the IIS side. I access the asp from a linux machine, download the script using the link. I use the firmware update url, it says firmware found, followed by a link to download the firmware, followed by a number of warnings. I click download, it says it can't, "try again later". I assume the script should have run inside MBWE by now, but it's not ssh'able yet. Any ideas what I am doing wrong? Thanks a lot.
Update: I think I had to name the update script other than upgrade1.sh :) anyway I could get in finally

last edited on 17 Nov 2007, 21:42 UTC by niw3
Re: SSH Access
boudzz 15 Jan 2008, 14:45 UTC

Hi,

I have had the same problem :
"Connection refused" after upgrade the firmware from Martin Hinner and reboot.

I let you see a little problem with chmod :

[root@HDDwd etc]# /usr/sbin/sshd
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_dsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

So prefer to use chmod 600 to chmod 640 and don't forget to check permissions

Regards

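The failure in boudzz's output comes from sshd refusing private keys that group or others can access. An added example (not from the thread) that extracts the rejected keys from such output and tightens the files; the key files are constructed stand-ins and `stat -c` (GNU/BusyBox) is assumed.

```sh
#!/bin/sh
# Added example: find and repair host keys that sshd rejects as "too open".

# From saved sshd output, list "mode path" for every key it refused.
keys_rejected_in_log() {  # log_file
    sed -n "s/^Permissions \([0-7]*\) for '\(.*\)' are too open\.\$/\1 \2/p" "$1"
}

# sshd ignores a private key if any group/other bit is set (mode & 077).
# List "mode path" for such keys in a directory; .pub files are not touched.
loose_host_keys() {  # dir
    for k in "$1"/ssh_host_key "$1"/ssh_host_*_key; do
        [ -f "$k" ] || continue
        mode=$(stat -c '%a' "$k")
        case "$mode" in
            0|*00) ;;                 # owner-only: accepted by sshd
            *) echo "$mode $k" ;;
        esac
    done
}

# Set every loose key to 600 and report what changed.
tighten_host_keys() {  # dir
    loose_host_keys "$1" | while read -r mode k; do
        chmod 600 "$k" && echo "fixed $k ($mode -> 600)"
    done
}

# Log lines copied from the post above; key files are constructed stand-ins.
tmp=$(mktemp -d)
cat > "$tmp/sshd.log" <<'EOF'
Permissions 0640 for '/etc/ssh_host_key' are too open.
bad permissions: ignore key: /etc/ssh_host_key
Permissions 0640 for '/etc/ssh_host_rsa_key' are too open.
Permissions 0640 for '/etc/ssh_host_dsa_key' are too open.
EOF
for n in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
    : > "$tmp/$n"; chmod 640 "$tmp/$n"
    : > "$tmp/$n.pub"; chmod 644 "$tmp/$n.pub"
done
keys_rejected_in_log "$tmp/sshd.log"
tighten_host_keys "$tmp"
```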
Re: SSH Access help for Windows user
Unixmoron 16 Jan 2008, 15:32 UTC

Sorry - I am a total Unixmoron.
I run Martin's

http://<IP-OF-YOUR-MYBOOK>/auth/firmware_upgrade.pl?fwserver=martin.hinner.info/mybook/firmware.php

Slow but it worked. Changed some names and passwords around and cannot move beyond it.
How do I run SSH from Windows Vista or XP?
How do I get to the place where I can start seeing and editing linux files on the WorldBookII?

Re: SSH Access help for Windows user
Lum 17 Jan 2008, 16:35 UTC

PuTTY is the most popular SSH client for windows.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Have fun :)

last edited on 17 Jan 2008, 16:35 UTC by Lum
Re: SSH Access
s4mur41 14 Jun 2008, 01:21 UTC

Trying to follow "worldbook" from nov 12th's posts and I am hitting a wall.
I have the 2 files in a dir on my windows server which has IIS running and dns. I can get to my .com website, but the subdirectory just gives me page cannot be displayed in the browser; I would think the list.asp would show something. What I do know is that I am getting "Failed to access WD Upgrade site"; why is what I need help with. Any assistance is greatly appreciated.

Re: SSH Access
frater 19 Jun 2008, 15:26 UTC

I have no idea where you are hitting a wall. Besides that, the tutorial doesn't mention an IIS-server running.

I will gladly be of help if you can tell me some more about your config.
Are you able to access the drive as a network disk? Can you access the webpage on it.
Which firmware is it running. Have you hacked the drive before?
Is the NAS getting an IP from a DHCP-server and is it able to go on the Internet without a proxy?

In other words… If a stranger comes in with his laptop, will he be able to go on the Internet by merely plugging in the ethernet cable that's going to your NAS?

last edited on 19 Jun 2008, 15:45 UTC by frater
Re: SSH Access
s4mur41 23 Jun 2008, 15:43 UTC

network disk - yes
webpage - yes
firmware - 01.01.18
no, just got it 2 weeks ago; this was the 1st thing I wanted to do. I just don't currently have a linux box with sata ports
manually set IP, no proxy, just changed dns to my web server.
I am trying to follow the way floris did the hack. tried several variations:
http://<NAS IP>/auth/firmware_upgrade.pl?fwserver=<webserver IP>/mybook/list.asp
http://<NAS IP>/auth/firmware_upgrade.pl?fwserver=<webserver IP>/mybook
http://<NAS IP>/auth/firmware_upgrade.pl?fwserver=<www.webserver.com>/mybook
http://<NAS IP>/auth/firmware_upgrade.pl?fwserver=<www.webserver.com>/mybook/.list.asp
all give me
"Error Code:: f00030
Failed to access WD Upgrade site
Please try again "

greatly appreciate any insight you can provide

Re: SSH Access
s4mur41 23 Jun 2008, 15:47 UTC

sorry upgraded firmware now 02.00.18
even after upgrade still same error

Unless stated otherwise Content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License